Configuration Requirements - Cisco ASA 5505 Getting Started Manual

Chapter 6 Scenario: DMZ Configuration

Configuration Requirements

78-17612-01
This configuration procedure assumes that the adaptive security appliance already
has interfaces configured for the inside interface, the DMZ interface, and the
outside interface. Set up interfaces of the adaptive security appliance by using the
Startup Wizard in ASDM. Be sure that the DMZ interface security level is set
between 0 and 100. (A common choice is 50.)
For more information about using the Startup Wizard, see
"Configuring the Adaptive Security Appliance."
The section includes the following topics:
Configuration Requirements, page 6-5
•
• Starting ASDM, page 6-6
Creating IP Pools for Network Address Translation, page 6-7
•
Configuring NAT for Inside Clients to Communicate with the DMZ Web
•
Server, page 6-12
Configuring an External Identity for the DMZ Web Server, page 6-16
•
Providing Public HTTP Access to the DMZ Web Server, page 6-18
•
The following sections provide detailed instructions for how to perform each step.
Configuring the adaptive security appliance for this DMZ deployment requires
the following configuration tasks:
For the internal clients to have HTTP access to the DMZ web server, you
•
must create a pool of IP addresses for address translation and identify which
clients should use addresses from the pool. To accomplish this task, you
should configure the following:
A pool of IP addresses for the DMZ interface. In this scenario, the IP pool
-
is 10.30.30.50-10.30.30.60.
A dynamic NAT translation rule for the inside interface that specifies
-
which client IP addresses can be assigned an address from the IP pool.
For the internal clients to have access to HTTP and HTTPS resources on the
•
Internet, you must create a rule that translates the real IP addresses of internal
clients to an external address that can be used as the source address.
Configuring the Security Appliance for a DMZ Deployment
Cisco ASA 5505 Getting Started Guide
Chapter 5,
6-5